- Major highlights:
- Lua 5.4 support
- Fixed CVE-2024-55553
- New match community-count BGP command to limit communities count
- New set metric igp|aigp BGP command to inject IGP metric as MED into BGP
- New bgp ipv6-auto-ra BGP command
- Optimize BGP EVPN L2VNI/L3VIN remote routes processing
- Respect non-transitive BGP extended communities between direct peers
- Drop deprecated bgp network import-check exact command
- Handle BGP ENHE (Extended Next Hop Encoding) capability via dynamic capability
- Implement BGP connect backoff retry
- Implement an ability to import BMP information from a separate BGP instance
- Add support of BGP color extended community color-only types
- Implement SBFD
- Add support for SRv6 static SIDs
- Implement embedded-rp for PIMv6
- Implement AutoRP mapping-agent for PIM
- Implement MSDP peer SA limiting
Signed-off-by: Jafar Al-Gharaibeh <jafar@atcorp.com>
Ensure that the zserv.api socket is actually up and running
before moving onto other daemons after zebra.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 009f42dd5b)
Currently the topotest infrastructure is starting up daemons
in mgmtd,zebra, staticd then everything else.
The problem that is happening, under heavy load, is that
zebra may not be fully started and when a daemon attempts
to connect to it, it will not be able to connect.
Some of the daemons do not have great retry mechanisms at all.
In addition our normal systemctl startup scripts actually
wait a small amount of time for zebra to be ready before
moving onto the other daemons.
Let's make topotests startup a tiny bit more nuanced
and have mgmtd fully up before starting up zebra.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit dd609bc069)
Add the sbfd documentation, such as it is, to the
developer documentation so that it can be read
by people.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit f1c75deb8e)
The building-frr-for-ubuntu2404 and building-doc were missing
from the compilation of developer documents.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 4738cb51d2)
Try to give some good examples of various lists being
converted over to the typesafe way of doing things.
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 39909f9fb9)
When receiving MLD messages, prefer pktinfo over msghdr.msg_name for
determining the source interface. The latter is just the VRF master
interface in case of VRF and we need the true interface the packet was
received on instead.
Signed-off-by: Martin Buck <mb-tmp-tvguho.pbz@gromit.dyndns.org>
(cherry picked from commit 374c8dc4db)
The capacity of the xpath string was not guaranteed to be sufficient to hold all
the key predicates and so would truncate. Calculate the required space and
guarantee that it is available.
Signed-off-by: Christian Hopps <chopps@labn.net>
Edges are not correctly linked to Vertices during LSP processing. In function
lsp_to_edge_cb(), once edge created or updated from the LSP TLVs, the code try
to link the edge to destination vertices. In case the revert edge is not found,
the code try to found a destination vertex to link to. But, the sys_id used
for this operation corresponds to the source vertex. As a result, the edge is
attached as source and destination of the vertex. When Traffic Engineering is
stopped, TED is deleted which result into a double free of the edge attributes.
This cause a crash when attempt to free extended admin groupi the second time.
This patch removed wrong code which link twice the edge to the source vertex.
Signed-off-by: Olivier Dugeon <olivier.dugeon@orange.com>
(cherry picked from commit 605fc1dd64)
Add a test case to verify that staticd is able to re-install all SIDs
after disabling and re-enabling SRv6.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
(cherry picked from commit 0e0eca6c5f)
Add a test case to verify that staticd removes all SIDs when the
`no srv6` command is executed.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
(cherry picked from commit 58373a61d5)
A user can configure static SIDs as follows:
[...]
segment-routing
srv6
static-sids
sid fcbb:bbbb:1::/48 locator MAIN behavior uN
sid fcbb:bbbb:1:fe00::/64 locator MAIN behavior uDT46
[...]
When the user runs vtysh and executes the `no srv6` command, the
expectation is that staticd will deallocate all SIDs.
However, currently FRR does not behaves as expected. After the user
executes `no srv6`, the SIDs are still present.
The problem is that vtysh does not forward the `no srv6` command to
mgmtd/staticd.
The `no srv6` command is defined using the `DEFUN_YANG_NOSH` macro,
which instructs `xref2vtysh.py` to skip the `no srv6` command during
the generation of `vtysh_cmd.c`. As a result, vtysh is unaware that it
should forward the `no srv6` command to mgmtd/staticd.
This commit fixes the issue by replacing `DEFUN_YANG_NOSH` with
`DEFUN_YANG`. This change ensures that `xref2vtysh.py` includes the
`no srv6` command when generating `vtysh_cmd.c` and makes vtysh forward
the `no srv6` command to mgmtd/staticd.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
(cherry picked from commit b94be4a1c5)
```
[...]
segment-routing
srv6
static-sids
sid fcbb:bbbb:1::/48 locator MAIN behavior uN
sid fcbb:bbbb:1:fe10::/64 locator MAIN behavior uDT4 vrf Vrf10
sid fcbb:bbbb:1:fe20::/64 locator MAIN behavior uDT6 vrf Vrf20
sid fcbb:bbbb:1:fe30::/64 locator MAIN behavior uDT46 vrf Vrf30
sid fcbb:bbbb:1:fe40::/64 locator MAIN behavior uA interface sr0 nexthop 2001::2
[...]
```
When the user has a configuration like the one above and runs the
command `frr-reload.py --reload`, the following error occurs:
```
[1129654|mgmtd] sending configuration
line 17: % Unknown command[76]: sid fcbb:bbbb:1::/48 locator MAIN behavior uN
line 23: % Unknown command[76]: sid fcbb:bbbb:1:fe10::/64 locator MAIN behavior uDT4 vrf Vrf10
line 29: % Unknown command[76]: sid fcbb:bbbb:1:fe20::/64 locator MAIN behavior uDT6 vrf Vrf20
line 35: % Unknown command[76]: sid fcbb:bbbb:1:fe30::/64 locator MAIN behavior uDT46 vrf Vrf30
line 41: % Unknown command[76]: sid fcbb:bbbb:1:fe40::/64 locator MAIN behavior uA interface sr0 nexthop 2001::2
```
The problem is that in `frr-reload-py` all commands that start a new
multi-line context must be included in the `ctx_keyword` dictionary.
However, the `static-sids` command is not part of the `ctx_keyword`
dictionary.
This commit fixes the problem by adding `static-sids` to `ctx_keyword`.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
(cherry picked from commit a515de1c46)
Add a test case to verify that staticd is able to re-install all SIDs
after deleting and re-adding them.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
(cherry picked from commit 641f0c6deb)
Add a test case to verify that staticd removes all SIDs when the
`no static-sids` command is executed.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
(cherry picked from commit 303be67e6a)
Previous commits introduced the `no` form for the `static-sids` command.
This change allow users to remove all static SIDs at once.
This commit makes the `no static-sids` command available in vtysh.
```
router# config
router(config)# segment-routing
router(sr)# srv6
router(srv6)# no static-sids
```
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
(cherry picked from commit 96134d1964)
Currently, when the user tries to delete all static SIDs with the
`no static-sids` command, staticd returns an error.
```
router# config
router(config)# segment-routing
router(sr)# srv6
router(srv6)# no static-sids
% Unknown command: no static-sids
```
The problem is the `static-sids` command does not support the `no` form.
This PR enables the `no` form for the `static-sids` command.
```
router# config
router(config)# segment-routing
router(sr)# srv6
router(srv6)# no static-sids
```
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
(cherry picked from commit ab7a7541a6)
This commit converts the `static-sids` command from `DEFUN` to `DEFPY`
to simplify the parsing of the command string definition.
Signed-off-by: Carmine Scarpitta <cscarpit@cisco.com>
(cherry picked from commit e7640f3885)
ci is picking up this use after free on occasion:
ERROR: AddressSanitizer: attempting to call malloc_usable_size() for pointer which is not owned: 0x6030001d94a0
0 0x7fab994b7f04 in __interceptor_malloc_usable_size ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:119
1 0x7fab994264f6 in __sanitizer::BufferedStackTrace::Unwind(unsigned long, unsigned long, void*, bool, unsigned int) ../../../../src/libsanitizer/sanitizer_common/sanitizer_stacktrace.h:131
2 0x7fab994264f6 in __asan::asan_malloc_usable_size(void const*, unsigned long, unsigned long) ../../../../src/libsanitizer/asan/asan_allocator.cpp:1058
3 0x7fab99039bcf in mt_count_free lib/memory.c:78
4 0x7fab99039bcf in qfree lib/memory.c:130
5 0x7fab98ff971a in hash_clean lib/hash.c:290
6 0x56110cdb0e7f in mgmt_txn_hash_destroy mgmtd/mgmt_txn.c:1881
7 0x56110cdb0e7f in mgmt_txn_destroy mgmtd/mgmt_txn.c:2013
8 0x56110cd8e5de in mgmt_terminate mgmtd/mgmt.c:91
9 0x56110cd8e003 in sigint mgmtd/mgmt_main.c:90
10 0x7fab990bf4b0 in frr_sigevent_process lib/sigevent.c:117
11 0x7fab990ea7a1 in event_fetch lib/event.c:1740
12 0x7fab9901a24e in frr_run lib/libfrr.c:1245
13 0x56110cd8e21f in main mgmtd/mgmt_main.c:290
14 0x7fab98af9249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
15 0x7fab98af9304 in __libc_start_main_impl ../csu/libc-start.c:360
16 0x56110cd8dd30 in _start (/usr/lib/frr/mgmtd+0x3ad30)
0x6030001d94a0 is located 0 bytes inside of 24-byte region [0x6030001d94a0,0x6030001d94b8)
freed by thread T0 here:
0 0x7fab994b76a8 in __interceptor_free ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:52
1 0x7fab99039bf0 in qfree lib/memory.c:131
2 0x7fab98ff93e1 in hash_release lib/hash.c:227
3 0x56110cdaabdc in mgmt_txn_unlock mgmtd/mgmt_txn.c:1931
4 0x56110cdab049 in mgmt_txn_delete mgmtd/mgmt_txn.c:1841
5 0x56110cdab0ce in mgmt_txn_hash_free mgmtd/mgmt_txn.c:1864
6 0x7fab98ff970b in hash_clean lib/hash.c:288
7 0x56110cdb0e7f in mgmt_txn_hash_destroy mgmtd/mgmt_txn.c:1881
8 0x56110cdb0e7f in mgmt_txn_destroy mgmtd/mgmt_txn.c:2013
9 0x56110cd8e5de in mgmt_terminate mgmtd/mgmt.c:91
10 0x56110cd8e003 in sigint mgmtd/mgmt_main.c:90
11 0x7fab990bf4b0 in frr_sigevent_process lib/sigevent.c:117
12 0x7fab990ea7a1 in event_fetch lib/event.c:1740
13 0x7fab9901a24e in frr_run lib/libfrr.c:1245
14 0x56110cd8e21f in main mgmtd/mgmt_main.c:290
15 0x7fab98af9249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
previously allocated by thread T0 here:
0 0x7fab994b83b7 in __interceptor_calloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:77
1 0x7fab990392fd in qcalloc lib/memory.c:106
2 0x7fab98ff8b4f in hash_get lib/hash.c:156
3 0x56110cdb13ae in mgmt_txn_create_new mgmtd/mgmt_txn.c:1825
4 0x56110cdb3b4d in mgmt_txn_notify_be_adapter_conn mgmtd/mgmt_txn.c:2212
5 0x56110cd91178 in mgmt_be_adapter_conn_init mgmtd/mgmt_be_adapter.c:842
6 0x7fab990ec6de in event_call lib/event.c:2019
7 0x7fab9901a243 in frr_run lib/libfrr.c:1246
8 0x56110cd8e21f in main mgmtd/mgmt_main.c:290
9 0x7fab98af9249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
The only time that mgmt_txn_hash_free is called is in hash_clean.
There are other places that mgmt_txn_unlock/delete are called and
hash_release should be called. Let's just notice when mgmtd is
being called from the hash_clean and not call hash_release (since
we know it is being released already)
Signed-off-by: Donald Sharp <sharpd@nvidia.com>
(cherry picked from commit 62f35c7bdb)
Creates the default VRF instance after the other VRF instances. The
default VRF instance is created in hidden state. Check that AS number
in show run is correctly written.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 077a2b0dfc)
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Upon configuration of a VRF instance that references an absent default
VRF with "import vrf default", the default instance is created in hidden
state. However, the default instance is not properly un-hidden when
configured.
Restore the behavior prior to commit below.
Fixes: 9f7177af13 ("bgpd: fix duplicate BGP instance created with unified config")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 70e07678bf)
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
Test that leaving the hidden BGP instance state is working.
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 118afe4690)
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
'import vrf VRF' could define a hidden bgp instance with
the default AS_UNSPECIFIED (i.e. = 1) value.
When a
router bgp AS vrf VRF
gets configured later on, replace this AS_UNSPECIFIED setting
with a requested value.
Fixes: 9680831518 ("bgpd: fix as_pretty mem leaks when un-hiding")
Signed-off-by: Alexander Skorichenko <askorichenko@netgate.com>
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 1515a59202)
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
This reverts commit 2ff08af78e.
The fix is obviously wrong.
Link: 2ff08af78e
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 339206341f)
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
bgp_process_queue_init() is not called in bgp_create() when leaving the
BGP instance hidden state because of the following goto:
> if (hidden) {
> bgp = bgp_old;
> goto peer_init;
> }
Upon reconfiguration of the default instance, the prefixes are never set
into a meta queue by mq_add_handler(). They are never processed for
zebra RIB installation and announcements of update/withdraw.
Do not delete the BGP process_queue when hiding.
Fixes: 4d0e7a49cf ("bgpd: VRF-Lite fix default bgp delete")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit 71a3756f2d)
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
When unconfiguring a default BGP instance with VPN SAFI configurations,
the default BGP structure remains but enters a hidden state. Upon
reconfiguration, the instance name incorrectly appears as "VIEW ?"
instead of "VRF default". And the name_pretty pointer
The name_pretty pointer is replaced by another one with the incorrect
name. This also leads to a memory leak as the previous pointer is not
properly freed.
Do not rewrite the instance name.
Fixes: 4d0e7a49cf ("bgpd: VRF-Lite fix default bgp delete")
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
(cherry picked from commit d2ff7e8a21)
Signed-off-by: Louis Scalbert <louis.scalbert@6wind.com>
This PR fixes FRR issue https://github.com/FRRouting/frr/issues/18040. The
OSPFv3 route is locked during the ABR calculation since there are
scenarios under which it is freed. The OSPFv3 ABR computation is
sub-optimal and this PR doesn't attempt to rework it.
Signed-off-by: Acee Lindem <acee@lindem.com>
(cherry picked from commit 06af50eace)
